Tag Archive for: Authentication

Genesis HealthCare System Builds on its Investment in BIO-key Biometric Authentication Security as it Migrates to Epic Hyperdrive

/in


BIO-key International, Inc.

BIO-key International, Inc.

ZANESVILLE, Ohio and HOLMDEL, N.J., Dec. 14, 2023 (GLOBE NEWSWIRE) — BIO-key® International, Inc. (NASDAQ: BKYI), an innovative provider of workforce and customer Identity and Access Management (IAM) featuring passwordless, phoneless and token-less Identity-Bound Biometric (IBB) authentication solutions, announced that its longstanding customer Genesis HealthCare System, the largest healthcare provider in its six-county region of Ohio, will add BIO-key’s PortalGuard IAM platform to support its existing BIO-key biometric authentication investment as it migrates to Epic Systems’ Hyperdrive end-user application interface. Genesis HealthCare has a network of more than 300 physicians and 4,000 employees across 27 locations.

PortalGuard’s standards-based integration with Hyperdrive allows Genesis HealthCare System to continue enjoying the security and streamlined biometric authentication user experience that BIO-key provides without re-enrolling employees or adopting more cumbersome and expensive multi-factor authentication solutions.

Named by Computerworld as one of the 100 Best Places to Work in IT every year since 2017, Genesis Healthcare utilizes BIO-key biometric software and hardware to secure and streamline its users’ login experience for Epic. By deploying PortalGuard IAM, it is able to maintain a consistent user experience and simplify the Hyperdrive migration. PortalGuard fully supports Hyperdrive’s modern authentication approach through its SAML Identity Provider (IdP) capabilities. PortalGuard provides seventeen authentication factor options, including WEB-key fingerprint authentication, the same core BIO-key biometric authentication platform regularly used by thousands of Genesis HealthCare employees. Additionally, users can now use PortalGuard for biometric authentication in other hospital applications through its support for standard IdP integration options like SAML, OAUTH, and OpenID Connect.

“Epic is a mission-critical application for many of BIO-key’s hospital customers, and implementing PortalGuard SAML SSO allows Genesis to maintain streamlined workflows and ensure secure access to patient information with IBB,” said Mark…

Source…

The Impact of Passwordless Authentication on Internet Security in North America

/in


Exploring the Impact of Passwordless Authentication on Internet Security in North America

The advent of passwordless authentication has been a game-changer in the realm of internet security in North America. This innovative technology has been instrumental in addressing the perennial problem of password-related breaches, which have been a significant concern for businesses and individuals alike.

Passwordless authentication is a security method that verifies users without requiring them to enter a password. Instead, it uses other forms of validation such as biometrics, hardware tokens, or magic links sent via email or SMS. This approach has been gaining traction due to its potential to enhance security while improving user experience.

One of the most significant impacts of passwordless authentication on internet security is the reduction in the risk of password-related breaches. Traditional password-based systems are vulnerable to a variety of attacks, including brute force, dictionary attacks, and phishing. By eliminating the need for passwords, these threats are effectively mitigated.

Moreover, passwordless authentication eliminates the risk associated with poor password practices. A study by the Ponemon Institute found that 51% of respondents reuse passwords across multiple accounts, a practice that significantly increases the risk of a security breach. By removing the need for users to remember and manage multiple passwords, passwordless authentication reduces the likelihood of such risky behavior.

In addition to enhancing security, passwordless authentication also improves user experience. Remembering multiple complex passwords can be a daunting task for users, often leading to frustration and decreased productivity. Passwordless authentication simplifies the login process, making it quicker and more convenient for users. This improved user experience can also have a positive impact on businesses by increasing user engagement and customer satisfaction.

However, like any technology, passwordless authentication is not without its challenges. One of the main concerns is the potential for biometric data breaches. Biometric data, such as fingerprints or facial recognition, is…

Source…

Are Voice Authentication Security Systems Effective? Deepfake Attack Poses Alarming Threat

/in


Computer scientists from the University of Waterloo have made a concerning discovery regarding the effectiveness of voice authentication security systems. 

They have identified a method of attack that can successfully bypass these systems with an alarming success rate of up to 99% after only six attempts.

COLOMBIA-AVIATION-BIOMETRIC-MIGRATION-SYSTEM-EL DORADO-FEATURE

(Photo : JUAN BARRETO/AFP via Getty Images)
Passengers use BIOMIG, the new biometric migration system, at El Dorado International Airport in Bogota on June 2, 2023. Colombian Migration launched a new biometric migration system for foreigners.

Deepfake Voiceprints

Voice authentication has become increasingly popular in various security-critical scenarios, such as remote banking and call centers, where it allows companies to verify the identity of their clients based on their unique “voiceprint.”

During the enrollment process of voice authentication, individuals are required to replicate a designated phrase, which is then used to extract and store a distinct vocal signature or voiceprint on a server. 

In subsequent authentication attempts, a different phrase is utilized, and the extracted characteristics are compared against the stored voiceprint to ascertain access.

However, the researchers at the University of Waterloo have found that voiceprints can be manipulated using machine learning-enabled “deepfake” software, which can generate highly convincing copies of someone’s voice using just a few minutes of recorded audio. 

Hence, developers introduced “spoofing countermeasures” to differentiate between human-generated speech and machine-generated speech.

The research team have created a method that bypasses these spoofing countermeasures, enabling them to deceive most voice authentication systems within only six attempts. 

They have identified the markers in deepfake audio that expose its computer-generated nature and have created a program to take out these markers, rendering the fake audio indistinguishable from real recordings.

During a evaluation conducted on Amazon Connect’s voice authentication system, the researchers accomplished a 10% success rate within a brief four-second attack, which escalated to over 40% in under thirty…

Source…

Outlook for Android, iOS to get own Multi-factor authentication capability this month

/in


Microsoft plans to inject a dedicated multi-factor authentication (MFA) capability into Outlook for Android and iOS, and its general availability is expected to arrive this month.

Microsoft wants to make it easier for its Outlook users to perform MFA. With this, the Redmond company revealed in its latest Microsoft 365 roadmap entry that it will introduce a so-called “Authenticator Lite” in the app. According to the feature description, it will cover work or school accounts being used on Microsoft 365 app, Azure Active Directory, and Outlook.

“Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device,” the roadmap entry reads.

Despite this, it is important to note that the company already offers the Microsoft Authenticator that Android and iOS users can use for Outlook, other Microsoft products, and other third-party applications. And while introducing the Authenticator Lite might sound redundant for those who already have the Microsoft Authenticator, this will make Outlook a more comprehensive app armed with its own MFA feature. Additionally, this might be one of the software giant’s initiatives to further boost the security capabilities of Outlook as more authorities put scrutinizing eyes on tech companies.

Last month, it can be recalled that the director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, called out Microsoft and Twitter due to the low MFA usage rate among their customers. According to Easterly, only one-quarter of Microsoft’s enterprise customers use it. The official, meanwhile, praised Apple for the high usage rate of the security feature due to its decision to make the feature a default.

Microsoft is also determined to promote the use of MFA in its products, starting with Outlook. However, instead of going the same path Apple is taking by making MFA default, it seems the software company wants to achieve this by making the security feature more convenient and accessible to encourage more users to embrace it. Once Authenticator Lite is completely rolled out, we will see how effective this…

Source…